This is just pure speculation, but it kind of looks like the hacker was being ignored by Snowflake, so they somehow got in touch with Hudson Rock and offered them this promotional opportunity (to break the news, more than the throwaway line in the article) with the goal of retaliating against Snowflake for failing to pay the ransom. And Hudson Rock agreed to play along and hype up the story, presenting it as a bigger breach than it really was. One wonders whether Hudson Rock was the first they went to, or just the first to take them up on the offer.

It's also possible that the firm is being trolled by the "threat actor."

Are you trying to say that the threat actor is just going up to firms they're trying to extort and telling them lies? Criminals just going around lying to people? Don't they know that's against the law?

You joke, but these threat actors live and die by their reputation. Either they’re being honest, or this is a one-off or exit.

I mean, most people aren't criminals... what are the odds of someone being a DOUBLE criminal!?

That particular exchange is bizarre and cartoonish. I don’t know what to make of it.

“should have bought protection from Hudson Rock could have saved them this one”

“yes i agree it wouldve helped for sure”

seems like a shameless marketing plug to me

It did seem very cringe worthy

It's a common euphemism in ransomware and protection rackets in general. One of my favourites is the message the akira group leaves in infected machines that goes something like:

    Congratulations, you have passed a surprise information
    security audit and become a victim of ransomware.

    [...]

    We offer:

    1) full decryption assistance
    2) evidence of data removal
    3) security report on vulnerabilities we found
    4) guarantees not to publish or sell your data
    5) guarantees not to attack you in the future

They're just a security consulting company that you didn't know you had on payroll!

Btw I looked at what they provide as evidence of data removal (2) and it's literally just the stdout of `rm -vrf data` lol. I mean, I get that it's impossible to provide evidence of absence, plus the victims have no leverage anyway, but I dig the theatrics.

The screenshots make this feel entirely fabricated or entirely marketing motivated.

If it's somehow real, omitting the hudsonrock message would be good sense.

I have mentally black listed this company.

Sounds like implied extortion to me.

they're also totally wrong about what they had access to . . .

in that you trust them less?

Absolutely the case for me. I don't give Snowflake much here, but Hudson Rock sells this exact type of "protection" and so far including BBC, no other independent verification?

This from the GP's link does it: “should have bought protection from Hudson Rock could have saved them this one”

We should thread carefully on this one.

It might be that they genuinely geeked out.

Hudson reputation would forever be scarred (badly) if they tried to manipulate the narrative.

Going down this hole also means we discredit the perpetrator, even if he did specifically reach out to Hudson.

Just wanted to say this so we don’t immediately jump to conclusions.

It's the first time I heard from Hudson and they didn't start out great reputation wise for me